EdgeRouter - VTI Example on EdgeRouter

VTI (Virtual Tunnel Interface) is a way of binding a ipsec tunnel interface. This feature was added in EdgeOS v1.6.0.

In this example we'll have the following network for router R1 and R2:

R1

==

eth0: WAN 20.0.0.2/30, gateway 20.0.01/30

eth1: LAN 192.168.1.1/24

R2

==

eth0: WAN 30.0.0.2/30, gateway 30.0.01/30

eth1: LAN 172.16.1.1/24

First we'll use the 2nd WAN+2LAN2 setup wizard so that we can change the LAN subnet on R2. Then on the GUI we'll use the VPN tab to create a standard IPSec site-to-site tunnel. Lastly we'll use the CLI to convert the IPSec tunnel to use the VTI interface.

One big difference with VTI is that we're no longer defining what enters the tunnel based on local/remote subnet. With VTI we have a routable interface, so on R1 well add a route to 172.16.1.1 via the VTI interface.